
Policy based routing for VPN traffic through Router to ASA

slee
Level 1

Hello,

We have a topology thus:

2 different ISPs -> Router -> ASA

We also have a site-to-site VPN between our ASA and our remote ASA, and a remote access VPN. Our goal is to have our VPNs go through our Sprint ISP, while our users go out through our Comcast. On our router, we have the default route set to go through our Comcast, and a static IP to go to our remote site for the s2s VPN. We have our users PATed to a Comcast IP using route-maps. That all works fine. However, I need to set up the remote VPN. Because the default route is set to Comcast, it can't form a tunnel since the endpoint IP is a Sprint IP. I have seen documentation on using PBR to route encrypted traffic to a specified next hop, but does it still work when the tunnel is not being formed on the router, but on the VPN? How would I implement this?
